Renesas Electronics Corporation announced both PSA Certified Level 2 and Security Evaluation Standard for IoT Platforms (SESIP) certifications for its RA Family of 32-bit Arm Cortex-M microcontrollers (MCUs).
Renesas’ RA6M4 MCU Group devices with the Flexible Software Package (FSP) have been PSA Level 2 certified, expanding on the PSA Certified Level 1 achieved by RA4 and RA6 Series MCUs. Renesas’ RA6M3, RA6M4, and RA4M2 MCU groups have achieved SESIP1 certification with Physical and Logical Attacker certifications.
In addition to these widely recognized industry certifications, Renesas RA MCUs offer customers the ultimate IoT security by combining Secure Crypto Engine IP with NIST CAVP certifications on top of Arm TrustZone for Armv8-M. RA Family devices incorporate hardware-based security features from simple AES acceleration to fully-integrated crypto subsystems isolated within the MCU. The Secure Crypto Engine provides symmetric and asymmetric encryption and decryption, hash functions, true random number generation (TRNG), and advanced key handling, including key generation and MCU-unique key wrapping. An access management circuit shuts down the crypto engine if the correct access protocol is not followed, and dedicated RAM ensures that plaintext keys are never exposed to any CPU or peripheral bus.
PSA Certified offers a framework for securing connected devices, from analysis through to security assessment and certification. The framework provides standardized resources addressing the growing fragmentation of IoT requirements, ensuring security is no longer a barrier to product development. PSA Certified through a third-party laboratory evaluation of a PSA Root of Trust (PSA-RoT), PSA Certified Level 2 provides evidence of protection against scalable software attacks. Evaluation Labs use vulnerability analysis and penetration testing of the PSA-RoT to establish if the nine security requirements of the PSA-RoT Protection Profile have been met.
SESIP is an optimized version of Common Criteria methodology (ISO 15408-3) for the evaluation of IoT components and connected platforms. SESIP defines a catalog of Security Functional Requirements (SFRs), which the product developer can use to build their secure device, scaling appropriately for their specific threat model and use case. SESIP also incorporates and refines Common Criteria Security Assurance Requirements (SARs), including the requirement ALC_FLR.2 Flaw Reporting Procedures, which Renesas addresses with its Renesas PSIRT (Renesas Product Security Incident Response Team) process and public web interface. Specifically designed for SFR reuse and mapping to other certifications, the SESIP methodology enables product developers to pursue appropriate certification of their device to other industry-standard certifications such as IEC 62443.